"..e found out that the Bouncy Castle library and the Oracle JCE provider were vulnerable and we could extract private keys from the TLS servers running these libraries. The attacks are quite powerful. For Bouncy Castle, we needed about 3300 real server queries. For Oracle JCE, we needed about 17000 real server queries."
top quality from oracle/java once again. check the point is on the curve? meh.
proslogion
waxwing: you can't let oracle shoulder the blame alone, bouncy castle looks even worse.....
waxwing
proslogion: is bouncy castle an open source thing or is it owned by someone?
interesting attack anyway :)
proslogion
yeah, it's an open source project unrelated
waxwing
right, blame the neckbeards :)
proslogion
i will have you know that bouncy castle does RSA key generation without sieving
waxwing
"practical invalid curve attacks" is a fail. need a marketing slogan.
proslogion
basically: go get a random number, test it, if it fails, go get another one
waxwing
huh, just noticed that bit at the end:
" I am the admin of www.xyz.com and I lost my private key. Could you recover it?
Of course, for this reason we closely cooperate with the Hacking Team. Send your inquiries to ec@hackingteam.it";
waxwing: yeah, it's quickly becoming the only effective popular way for wall crossing with China now
within*
waxwing
proslogion: does it need servers to be running that protocol then?
sorry i only got a vague idea of it from reading that
proslogion
yes, you could set up your own server, or use others
i haven't really looked at the protocol, but the reason why it's effective is that it does traffic obfuscation very successfully, and GFW decides the IPs to block by analyzing the traffic
waxwing
so the server looks as if it's running a normal tls webserver, is that the idea?
proslogion
yeah you are smart
waxwing
i noticed a funny comment about rc4-md5 'because it's secure' :)
re: smart, was that snark? your humour sometimes eludes me :)
it's interesting that the code was removed from the main repo (but available at shadowsocksfork), but the wiki is still there.
"Removed according to regulations"
proslogion
i have no idea who the author is either
waxwing
all the issues are in chinese :)
proslogion
but fwiw, formerly popular wall-climbing methods were even less safe, e.g., GoAgent using google app engine
waxwing
i'm sure this model was under consideration by many people for a long time, the question always to me was, who's going to run the servers? they get a lot of server load and no reward?
i suppose, yes, you could run your own, but then your endpoint has to not be blocked, right? or did i miss something.
proslogion
well, it's like a socks5 proxy, which is quite a bit less heavy than a VPN which many already ran, and there are people who share a VPS, and of course, people setting up shadowsocks servers to make profits
overall, since it's a market, it will figure out itself :)
waxwing
yes, i was thinking about the comparison to a VPN. Are VPNs not working too well nowadays?
it's interesting the pressure to decentralization that this environment creates.
i saw something on reddit r/China where people were complaining about Astrill.
proslogion
as i said, the key to defeating GFW is defeating traffic analysis; GFW apparently is able to spot VPN traffic quite well right now
waxwing
yes, of course, got confused a minute there.
i think this is a good example of what i was wittering on about re: steganography in my 'tlstweet manifesto'.
proslogion
yeah
waxwing
problem is that even market incentives don't align so well, markets create centralization pressure because of economies of scale.
proslogion
the greatest complaint i have for anything coming out of China is that people always like to do it in a haphazard, very ad-hoc sort of way; nobody really systematizes the knowledge or makes it look like a science
yeah, you were truly insightful when it comes to such stuff, it still amazes me whenever textbook-ish scenarios do appear in reality
on second thought, systematic approach doesn't really work as well IRL, almost all Tor obfuscations have been figured out by GFW it looks like :)
Hello everyone
belcher
hello proslogion
proslogion
so i got bored, so i exported a private key to distribute a red envelope in the Chinese style, feel free to grab it ;) Kzhzn4q7NyRHzUbcdvSmx4ehrf3yDzxEb3k3sqREk1TE16c1JCMk
belcher
thanks, and happy new year!
proslogion
gong xi fa cai :)
yeah, it's pretty funny, essentially the wildly popular Wechat red envelope social gaming is all about "grabbing", like someone puts out a red envelope, then whoever are the first ones to open it will get the money (also amounts are randomized so the first opener doesn't necessarily get the best)
now today in the Miner's group people tried to do it for Bitcoin while giving normal red envelopes, eventually they realized that since it's a race condition by definition, the best approach is just to paste the privkey
looking at the fips186-3, it looks like the sha(seed) is used to calculate b for the curve. so it wouldn't apply to secp256k1 if i'm getting it right.
proslogion
waxwing: you learn something new every year :)
waxwing
might be worth looking at that doc a bit more; my guess is that there's no attempt to justify G, because it doesn't matter. but if they used a seed like they apparently did for secp256k1 then you might have the same G/2 weirdness for *r1 too?
oh happy new year .. is that today?
proslogion
in Chinese time
UK not yet :)
belcher
interesting video segment waxwing
proslogion
i can't help thinking in 10 years all these fancy constructions will be REKT when QC is out
belcher
always an arms race
waxwing
wow, pairing crypto allows you to do "homomorphic inner product". fancy indeed :)
proslogion: ping
in #bitsquare someone is asking about using tlsnotary with gmail
proslogion
oh wow, some famous figures paying attention :)
waxwing
proslogion: yeah :) decentralized buying your zero knowledge proofs :)
i wonder have they done their famous "beet auction" yet :)
proslogion
maybe we should persuade him to help us getting ZKP for darknotary working :)
waxwing
proslogion: my ping earlier was that you could tell him how you got gmail to work; i couldn't remember. some non-javascript option? or maybe it doesn't work anymore.
i know i did it once, but this was 1 year ago I think...
proslogion
oh okay
oops he is not here anymore
it would be very funny when so many treat Satoshi as Jesus and the whitepaper as the Gospels, yet it turns out that it is a different person that coded up Bitcoin
belcher: write a yieldgenerator that deduces the last 624 choices of a taker bot and predict :)
belcher
hah
dansmith_btc
Hey, tlsnotary people. Just wanted to check with you if there are any possible attack vectors. Amazon has been moving to a newer way of booting their images. The older PV images had their own grub loader which I had no control over. This was easy in terms of proving un-tampered-ness of the image - since I had no control over the boot sector, all I needed was to hash the files on the filesystem.
The newer HVM method treats your storage device as a full-fledged disk with an MBR and boot loader. Now I have to prove that I haven't tampered with those boot sectors. The simplest solution is just to hash the raw disk bytes from the beginning up until the point where the ext4 fs starts. Of course on top of that I will have to hash the files on the filesystem as I did with PV images. Any thoughts if hashing raw bytes like that may not be sufficient?
waxwing
dansmith_btc: i have absolutely no idea, unfortunately. i wonder where one could get advice on that kind of stuff.
dansmith_btc
yeah, i guess on one of those stackexchange forums